{"title":"利用机器学习算法检测恶意软件的法医易失性存储器","authors":"Fikri Bahtiar, N. Widiyasono, A. P. Aldya","doi":"10.25124/jrsi.v5i02.311","DOIUrl":null,"url":null,"abstract":"Forensics from volatile memory plays an important role in the investigation of cyber crime. The acquisition of RAM Memory or other terms of RAM dump can assist forensic investigators in retrieving much of the information related to crime. There are various tools available for RAM analysis including Volatility, which currently dominates open source forensic RAM tools. It has happened that many forensic investigators are thinking that they probably have malware in the RAM dump. And, if they do exist, they're still not very capable Malware Analysts, so it's hard for them to analyze the possibilities of malware in a RAM dump. The availability of tools such as Volatility allows forensic investigators to identify and link the various components to conclude whether the crime was committed using malware or not. However, the use of volatility requires knowledge of basic commands as well as static malware analysis. This work is done to assist forensic investigators in detecting and analyzing possible malware from dump RAM. This work is based on the volatility framework and the result is a Forensic tool for analyzing RAM dumps and detecting possible malware in it using machine learning algorithms in order to detect offline (not connected to the internet).","PeriodicalId":306088,"journal":{"name":"Jurnal Rekayasa Sistem & Industri (JRSI)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Forensic Volatile Memory For Malware Detection Using Machine Learning Algorithm\",\"authors\":\"Fikri Bahtiar, N. Widiyasono, A. P. Aldya\",\"doi\":\"10.25124/jrsi.v5i02.311\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Forensics from volatile memory plays an important role in the investigation of cyber crime. The acquisition of RAM Memory or other terms of RAM dump can assist forensic investigators in retrieving much of the information related to crime. There are various tools available for RAM analysis including Volatility, which currently dominates open source forensic RAM tools. It has happened that many forensic investigators are thinking that they probably have malware in the RAM dump. And, if they do exist, they're still not very capable Malware Analysts, so it's hard for them to analyze the possibilities of malware in a RAM dump. The availability of tools such as Volatility allows forensic investigators to identify and link the various components to conclude whether the crime was committed using malware or not. However, the use of volatility requires knowledge of basic commands as well as static malware analysis. This work is done to assist forensic investigators in detecting and analyzing possible malware from dump RAM. This work is based on the volatility framework and the result is a Forensic tool for analyzing RAM dumps and detecting possible malware in it using machine learning algorithms in order to detect offline (not connected to the internet).\",\"PeriodicalId\":306088,\"journal\":{\"name\":\"Jurnal Rekayasa Sistem & Industri (JRSI)\",\"volume\":\"44 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-06-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Jurnal Rekayasa Sistem & Industri (JRSI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.25124/jrsi.v5i02.311\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Rekayasa Sistem & Industri (JRSI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.25124/jrsi.v5i02.311","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Forensic Volatile Memory For Malware Detection Using Machine Learning Algorithm
Forensics from volatile memory plays an important role in the investigation of cyber crime. The acquisition of RAM Memory or other terms of RAM dump can assist forensic investigators in retrieving much of the information related to crime. There are various tools available for RAM analysis including Volatility, which currently dominates open source forensic RAM tools. It has happened that many forensic investigators are thinking that they probably have malware in the RAM dump. And, if they do exist, they're still not very capable Malware Analysts, so it's hard for them to analyze the possibilities of malware in a RAM dump. The availability of tools such as Volatility allows forensic investigators to identify and link the various components to conclude whether the crime was committed using malware or not. However, the use of volatility requires knowledge of basic commands as well as static malware analysis. This work is done to assist forensic investigators in detecting and analyzing possible malware from dump RAM. This work is based on the volatility framework and the result is a Forensic tool for analyzing RAM dumps and detecting possible malware in it using machine learning algorithms in order to detect offline (not connected to the internet).